<!doctype html>
<script>
function test(){
	var str = document.getElementById("text").value;
	document.getElementById("t").innerHTML = "<a href='" + str + "'>testLink</a>";
}
</script>

<div id="t" ></div>
<input type="text" id="text" value="" />
<input type="button" id="s" value="write" onclick="test()" />

<!-- 
On this webpage, try to input

	'onclick=alert(/xss/) //

or

	'><img src=# onerror=alert(/xss2/) /><'

 -->
